Romania’s Directorate for Investigating Organized Crime and Terrorism (DIICOT) has managed to disrupt the operations of a major cybercriminal organization believed to be responsible for fraudulent transactions totaling over $25 million (€19.5 million).

A number of 36 residences from Bucharest and various other cities have been searched; 16 individuals were arrested and a total of 20 will be called in for questioning.

According to authorities, the members of the criminal ring are responsible for breaching several computer systems from which they stole sensitive information, including credit card details. They utilized the data to perform fraudulent transactions or they sold it to other individuals involved in similar crimes.

The targeted companies are mostly popular gas stations and grocery stores from abroad, on the systems of which the attackers installed malicious pieces of software that helped them collect payment card information.

The harvested information was stored locally and transferred later by the fraudsters. In other situations it was automatically transmitted to dedicated servers or email accounts.

DIICOT reveals that, between December 2011 and October 2012, the crooks sold the details of 68,000 cards on a specialized underground market, earning a profit of $270,000 (€210,000).

In total, the cybercriminals used 500,000 payment cards to perform fraudulent transactions worth over $25 million (€19.5 million).

Technical and informational support in this case has been provided by the Romanian Intelligence Service (SRI).

Earlier today, we learned that a Romanian man was arrested by British authorities after stealing the details of 9,000 payment cards with the use of a skimming device fitted with a pinhole camera that recorded the PINs.

The man – who pleaded guilty to possession of skimming equipment and four counts of fraud – is believed to be part of a large, well-orchestrated organization.